mail: add flag to enable/disable pop3 access per mailbox

2021-10-08 10:15:48 -07:00
parent 9414041ba8
commit 000db4e33d
6 changed files with 30 additions and 6 deletions
--- a/src/ldap.js
+++ b/src/ldap.js
@@ -616,18 +616,20 @@ async function authenticateMail(req, res, next) {
    const parts = email.split('@');
    if (parts.length !== 2) return next(new ldap.NoSuchObjectError(req.dn.toString()));

-    const serviceId = req.dn.rdns[1].attrs.ou.value.toLowerCase(); // msa, imap, sieve
-    if (serviceId !== 'msa' && serviceId !== 'imap' && serviceId !== 'sieve') return next(new ldap.OperationsError('Invalid DN'));
+    const knownServices = [ 'msa', 'imap', 'pop3', 'sieve' ];
+    const serviceId = req.dn.rdns[1].attrs.ou.value.toLowerCase();
+    if (!knownServices.includes(serviceId)) return next(new ldap.OperationsError('Invalid DN. Unknown service'));

    const [error, domain] = await safe(mail.getDomain(parts[1]));
    if (error) return next(new ldap.OperationsError(error.message));
    if (!domain) return next(new ldap.NoSuchObjectError(req.dn.toString()));

-    const serviceNeedsMailbox = serviceId === 'imap' || serviceId === 'sieve';
+    const serviceNeedsMailbox = serviceId === 'imap' || serviceId === 'sieve' || serviceId === 'pop3';
    if (serviceNeedsMailbox && !domain.enabled) return next(new ldap.NoSuchObjectError(req.dn.toString()));

    const [getMailboxError, mailbox] = await safe(mail.getMailbox(parts[0], parts[1]));
    if (getMailboxError) return next(new ldap.OperationsError(getMailboxError.message));
+    if (serviceId === 'pop3' && !mailbox.enablePop3) return next(new ldap.OperationsError('POP3 is not enabled'));

    const [appPasswordError] = await safe(verifyAppMailboxPassword(serviceId, email, req.credentials || ''));
    if (!appPasswordError) { // validated as app
@@ -681,6 +683,7 @@ async function start() {
    gServer.bind('ou=imap,dc=cloudron', authenticateMail); // dovecot (IMAP auth)
    gServer.bind('ou=msa,dc=cloudron', authenticateMail); // haraka (MSA auth)
    gServer.bind('ou=sieve,dc=cloudron', authenticateMail); // dovecot (sieve auth)
+    gServer.bind('ou=pop3,dc=cloudron', authenticateMail); // dovecot (pop3 auth)

    gServer.bind('ou=sftp,dc=cloudron', authenticateSftp);    // sftp
    gServer.search('ou=sftp,dc=cloudron', userSearchSftp);